Credential custody for agents: use secrets blind (ssh/http/smtp/git/db), never in context.
Verifiable fact-checking: verdict, confidence, sources, and a tamper-evident certificate.